Inside Tufts

University Information Technology

Information Security

Standards for Securing Desktops

Securing desktops increases their stability, and thus the productivity of staff. Malicious criminals, as well as so called "script kiddies", target Tufts desktops for many reasons; 1) to use as part of "botnets", collections of computers controlled remotely and used to send spam, or attack high profile corporations, 2) to store and distribute movies, music, or pornography and 3) as a stepping stone into sensitive servers. Desktops which are placed onto our network without proper security have been compromised in as little as five minutes.

General overview
CERT: Securing Desktop Workstations
Safeguards
Secure it before it goes on the network.
  • Eliminate unnecessary applications and network services.
  • Install all operating system patches which apply.
  • Install needed applications and network services securely.
  • Change all passwords for default vendor accounts.
  • Verify user account security, use strong passwords.
  • Configure logging.
  • For details refer to operating system (OS) standards listed below.
Install Tufts desktop anti-virus software.
Keep up-to-date on application and operating system updates and patches.
Keep recovery tools, backups and images up-to-date.
Removal and/or redeployment
Use secure file deletion to erase hard drives.
Best Practices for Windows Desktops
Windows 2000 Pro CIS Benchmark .. the "Gold Standard"
Windows XP Pro CIS Benchmark .. the "Gold Standard"
Microsoft's Windows XP Security Guide updated 4/10/2006 with variants for enterprise clients, stand-alone and specialized hosts.
Microsoft Increase your IE Browsing and Email Safety
Best Practices for Max OS X Desktops
Understanding the Macintosh OS X Platform and Usage
Best Practices for Unix
CERT Unix Security Checklist
Find detailed instructions for your distribution, see our Unix OS Security resources